Privacy Policy

Aletheva Systems ("Aletheva", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you interact with our website, our services, or systems we operate on behalf of our clients.

This policy is issued in accordance with the Personal Data Protection Act 2012 of Singapore ("PDPA") and reflects the obligations we owe both to our direct clients and to the end-users who interact with the systems we build.

By engaging our services or interacting with systems operated by Aletheva, you agree to the practices described in this policy.

Aletheva Systems is a digital services company registered in Singapore. We provide the following services to small and medium enterprises:

• Website design, build, and ongoing optimisation ("Website Revamp")
• Search Engine Optimisation and Answer Engine Optimisation ("SEO + AEO")
• AI-powered chatbots deployed on client websites, WhatsApp, and Telegram ("AI Chatbot")
• AI-powered voice agents that answer inbound calls on behalf of clients ("AI Voice Assistant")
• Lead generation and outreach services for prospective clients

Contact details:

• Email: info@aletheva.com
• Website: aletheva.com
• Registered office: Singapore

It is important to distinguish two scenarios:

• Data Controller. When you engage Aletheva directly as a client, or when you contact us as a prospective customer, we are the data controller of your personal data. We decide why and how it is processed.
• Data Processor. When you interact with a chatbot, voice agent, or website that Aletheva operates on behalf of one of our clients (for example, you book an appointment at a salon using a chatbot we built), our client is the data controller. We process your data only on their instructions and in accordance with the contract we have with them. In that scenario, the salon's privacy notice governs the relationship between you and them; this policy describes the technical and operational measures Aletheva applies.

This policy primarily addresses our role as a data controller. Where we act as a processor, additional terms in our client service agreements apply.

4.1 Information you provide directly

• Name, business name, role, and contact information (email, phone number)
• Information about your business, website, and operational needs shared during onboarding or consultations
• Account credentials and access tokens you share with us to perform contracted work (for example, Google Business Profile access, hosting credentials, social media accounts)
• Payment and billing information processed via Stripe (we do not store full card details ourselves)
• Communications you send to us by email, messaging platforms, or web forms

4.2 Information collected automatically

• Website analytics on aletheva.com (page views, referrers, device type)
• Conversation logs from systems we operate, including chatbot transcripts and AI Voice Assistant call recordings and transcripts
• Usage metrics such as voice minutes consumed, chatbot conversation counts, and reporting data we generate for clients
• Standard server and platform logs for security, debugging, and abuse prevention

4.3 Information from third parties

• Publicly available business information collected from sources such as Google Maps, Google Places API, and business directories, used to identify prospective clients for our outreach pipeline
• Platform data received from Meta (WhatsApp Business Platform) and Telegram pursuant to their respective Platform Policies
• Telephony metadata and call audio routed through our voice infrastructure providers
• Calendar and email data via Google Workspace integrations when you authorise them

We use personal data for the following purposes:

• To deliver the services you have engaged us for, including website builds, SEO work, chatbot deployment, and voice agent operation
• To process payments, issue invoices, and manage your account
• To train, tune, and improve the AI assistants we deploy on your behalf, using only data you authorise us to use for this purpose
• To monitor service quality, troubleshoot issues, and prevent abuse
• To generate reports we deliver to our clients (for example, monthly SEO performance, call summaries, lead capture metrics)
• To identify and contact prospective clients through our outreach pipeline, using publicly available business information
• To comply with our legal obligations under Singapore law

We do not use personal data for behavioural advertising, do not sell personal data, and do not use the contents of client conversations or call recordings for general AI model training by us or by our subprocessors.

Where our AI Voice Assistant service is deployed for a client, inbound calls are answered by an AI agent and may be recorded and transcribed.

• Callers are notified at the start of each call that they are speaking to an AI assistant and that the call may be recorded for quality and service delivery purposes.
• Call recordings and transcripts are stored securely and accessible only to authorised Aletheva personnel and the client whose voice agent the call relates to.
• Recordings are retained for the period specified in the relevant client service agreement (typically 90 days for operational review, after which transcripts may be retained longer in anonymised form for service improvement).
• Where a caller objects to being recorded, they may request that the recording be deleted by contacting the relevant client or Aletheva directly.

Aletheva relies on a number of third-party service providers to deliver our services. We share personal data with these providers only to the extent necessary for them to perform their function. Current categories of sub-processors include:

• Cloud hosting and infrastructure: Including providers based in Singapore, the European Union, and the United States.
• Payment processing: Stripe, Inc.
• Messaging platforms: Meta Platforms (WhatsApp Business Platform) and Telegram.
• Voice infrastructure: Telephony, speech-to-text, large language model, and text-to-speech providers used to operate AI Voice Assistant services. These may include Twilio, OpenAI, Anthropic, ElevenLabs, Deepgram, and similar providers.
• Workflow automation: n8n and similar tools used to operate our internal pipelines.
• Productivity tools: Google Workspace (Gmail, Google Drive, Google Calendar) where authorised.

Several of these providers are located outside Singapore, including in the United States. Where personal data is transferred outside Singapore, we take reasonable steps to ensure the recipient is bound by obligations to provide a standard of protection comparable to the PDPA. We may share specific sub-processor details with clients on request.

We may also disclose personal data where required by Singapore law, court order, or government authority, or in connection with the sale or transfer of part or all of our business.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. General retention periods are:

• Client account and contract data: for the duration of our engagement and for up to 7 years thereafter for tax, audit, and dispute resolution purposes.
• Chatbot conversation logs: up to 12 months from collection unless a shorter or longer period is specified in the client service agreement.
• Voice call recordings and transcripts: typically up to 90 days unless otherwise agreed.
• Outreach pipeline data on prospective clients: retained until the prospect is converted, lost, or requests deletion.
• Website analytics: up to 26 months.

You may request earlier deletion at any time by contacting info@aletheva.com. Some data must be retained to meet legal obligations or to resolve disputes.

We implement reasonable technical and organisational measures to protect personal data, including:

• Encrypted transmission of data (HTTPS/TLS)
• Access controls, authentication, and least-privilege principles for our systems
• Encrypted storage of sensitive credentials and access tokens
• Regular review of our data handling practices
• Vendor due diligence on sub-processors

No method of internet transmission or electronic storage is fully secure, and we cannot guarantee absolute security.

Subject to the PDPA and applicable exceptions, you have the right to:

• Request access to the personal data we hold about you
• Request correction of inaccurate or incomplete personal data
• Withdraw consent for the collection, use, or disclosure of your personal data
• Request that we cease retention of your personal data where lawful to do so

To exercise any of these rights, please contact our Data Protection Officer at info@aletheva.com. We will respond within 30 days. We may need to verify your identity before responding. Withdrawing consent may affect our ability to continue providing services to you.

Our website (aletheva.com) may use cookies and similar technologies to enable site functionality and analyse usage. You may control cookies through your browser settings. Disabling cookies may affect site functionality.

Our services are directed at businesses and are not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently done so, please contact us and we will delete the data.

Our website and the systems we operate may contain links to third-party services. We are not responsible for the privacy practices of those third parties and encourage you to review their respective policies.

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this document and, where appropriate, notify you by email or through our website. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Aletheva Systems
Singapore
Email: info@aletheva.com
Website: aletheva.com

We take all privacy enquiries seriously and aim to respond within a reasonable timeframe.